RU2227375C2 - Method for transmitting digital information in computer network - Google Patents

Abstract

FIELD: electrical communications and computer engineering including methods and devices for cryptographic data processing. SUBSTANCE: method includes following procedures on sending end: input signal division into n-bit blocks; generation of protection key in the form of k-bit binary vector; its supply for initial fill-up of k-bit feedback shift register that generates maximal-length pseudorandom sequence incorporating 2^k-1 binary characters; generation of pseudorandom-sequence binary vector by concurrently taking information off different bits of shift register, length of pseudorandom-sequence binary vector being chosen to equal that of input-signal binary-vector block; coding of input signal block by modulo two addition of pseudorandom-sequence binary vector bits to binary-vector bits of input signal block followed by transfer of encoded input signal block over communication line; on receiving end: signal reception; generation of protection key in the form of k-bit binary vector; its supply for initial fill-up of k-bit feedback shift register; its supply for initial fill-up of k-bit feedback shift register; generation of n-bit pseudorandom-sequence binary vector like on sending end; decoding of encoded input-signal block by modulo two addition of its bits to pseudorandom-sequence binary vector bits; transfer of input signal to terminal device. Novelty is that on sending end second pseudorandom-sequence binary vector is generated by concurrently taking information off other different n bits of shift register and conversion of encoded input-signal block by modulo P = 2ⁿ addition (this number corresponding to binary vector of input-signal block) to number corresponding to second binary vector of pseudorandom sequence and that on receiving end second binary vector of pseudorandom sequence is generated like on sending end, converted into joint binary vector by subtracting number corresponding to second pseudorandom-sequence binary vector from number P, and encoded input-signal block is recovered by modulo P addition (this number corresponding to joint pseudorandom-sequence binary vector) to number corresponding to binary vector of encoded input- signal block. EFFECT: enhanced code stability to attacks basing on known and selected source texts. 1 cl, 2 dwg

Description

The invention relates to the field of telecommunications and computing, and more particularly to the field of methods and devices for cryptographic data conversion.

Known methods for transmitting discrete information in a computer network (see, for example, Application for invention No. 99123808/09 dated 10.11.1999-IPC Н 04 В 1/713 [1], the British algorithm B-Grypt, which is an addition to the US standard DES [2 ], p. 50, 126-128, as well as the method described in [3], p. 50-51)

In known methods, discrete information is transmitted by generating a security key, generating a pseudo-random sequence of binary characters, encoding information by modulo adding two characters of the input data stream with pseudo-random characters and decoding information on the receiving side by modulating two characters of the received packet with pseudo-random characters sequence.

Known methods for transmitting discrete information ensure the integrity and high speed processes of conversion of transmitted information in a computer network.

The closest in technical essence to the claimed method is the method presented in [2] p. 126-128 and in [3] p. 50-51.

The prototype method includes dividing the input signal into blocks of length n bits at the transmitting end, generating a security key in the form of a binary vector of length k bits, supplying it for the initial filling of the feedback shift register having k bits and generating a pseudorandom sequence of maximum length, containing 2 ^k -1 binary characters, the formation of a binary vector of a pseudo-random sequence by simultaneously collecting information from different bits of the shift register, the length the binary vector of the pseudo-random sequence is chosen equal to the length of the binary vector, the input signal block, the coding of the input signal block by modulo adding two bits of the binary vector of the pseudo-random sequence with the bits of the binary vector of the input signal block and the subsequent transmission of the encoded block, the input signal via the communication line the receiving end of the communication line, the formation of the security key in the form of a binary vector, k bits long, feeding it for the initial filling of the shift register with by direct communication, having k bits, as well as generating, on the transmitting side of the binary vector, a pseudo-random sequence of n bits in length, decoding the encoded block of the input signal by modulating its two bits with the bits of the binary vector, pseudo-random sequence, and supplying the input signal to the terminal device.

However, the prototype method has disadvantages. Despite the fact that the code based on the addition of a stream of pseudo-random bits with the bits of the source text, modulo two, is generally theoretically unrecognizable (see [2], p.126) the encoding system itself is not robust and can be disclosed. If the structure of the shift register with k bits is known, then to find the initial state of the shift register you need to know k characters of the known plaintext, which are added modulo two with the corresponding k characters of the encoded text. The resulting k characters of the pseudo-random sequence determine the state of the shift register at some point in time. Modeling the operation of the shift register in the opposite direction, it is possible to determine its initial state, and therefore the keys used by network users when encoding information.

If the structure of the shift register having k-bits is unknown, then 2 · k-characters of the known plaintext and the corresponding 2 · k-characters of the encoded text are enough to determine the state of the shift register relatively quickly (within a few seconds of computer operation) and calculate the keys used (see, for example, [4], p. 93). And this leads to a decrease in the resistance of the code to attacks based on known and selected sources, which does not ensure the confidentiality of the transmitted information and leads to the need to change the security key. Security keys can be used only once and during the next communication session should be determined in a new way.

The invention is aimed at increasing the resistance of the code to attacks based on well-known and selected source codes.

This is achieved by the fact that in the known method of transmitting discrete information, which consists in dividing the input signal into blocks of length n bits, forming a security key in the form of a binary vector with a length of k bits, supplying it for the initial filling of a shift register with feedback having k bits and generating pseudo-random maximal length sequence comprising 2 ^k -1 binary symbols forming the pseudo-random sequence of binary vector by simultaneous parallel reading information with different p bits of the shift register, while the length of the binary vector of the pseudorandom sequence is chosen equal to the length of the binary vector block of the input signal, the coding of the block of the input signal by adding modulo two bits of the binary vector of the pseudorandom sequence with the bits of the binary vector of the block of the input signal and the subsequent transmission of the encoded block of the input signal by communication line, receiving a signal at the receiving end of the communication line, forming a security key in the form of a binary vector of length k bits, feeding it to start complete register filling, a shift with feedback, with k bits, and also forming, on the transmitting side of the binary vector, a pseudo-random sequence of length n bits, decoding the encoded block, the input signal by modulating its two bits with the bits of the binary vector of the pseudo-random sequence and supplying an input signal to a terminal device according to the invention, a second pseudo-random sequence binary vector is additionally formed on the transmitting side by simultaneously collecting information from other n different bits of the shift register and transform the encoded block of the input signal by adding modulo P = 2 ^{n the} number corresponding to the binary vector of the encoded block of the input signal with the number corresponding to the second binary vector of the pseudo-random sequence, and on the receiving side additionally form, in the same way as on the transmitting side, the second binary vector of the pseudo-random sequence, convert it to a conjugate double by subtracting from the number P the number corresponding to the second binary vector of the pseudorandom sequence, and restore the encoded block by adding modulo P the number corresponding to the conjugated binary vector of the pseudorandom sequence with the number corresponding to the binary vector of the encoded block of the input signal.

In the inventive method, a binary vector is understood to mean a signal in the form of a sequence of zero and unit bits corresponding to the representation of a number in a binary system.

The listed set of essential features excludes the possibility of defining security keys and increases the resistance of the code to attacks based on known and selected source texts. In this case, the generated pseudo-random sequence of characters in the form of binary vectors of length n bits are a pseudo-random sequence of characters 0, 1, 2, ..., n-1 have the same period N = 2 ^k -1 as the pseudo-random sequences of binary numbers, and provide statistical uniformity of the characters used.

Since cryptographic transformations use two pseudo-random sequences of characters and two different operations, the addition of characters modulo two and the addition of numbers modulo P = 2 ⁿ , then in the presence of arbitrarily characters of the source and corresponding characters of the ciphertext, the possibility of determining characters of pseudorandom sequences is excluded, so how to determine them the number of equations will always be less than the number of unknowns. At the same time, the code is resistant to attacks based on known and selected source texts, since the opening of the state of the shift register in this case can be achieved only by total enumeration of the entire set of possible states of the shift register. Since the US DES standard provides for the use of a shift register having 128 bits (key length 128 bits), the power of the set of possible states of the shift register will be 10 ³⁸ . If the autopsy of the state of the shift register is carried out using a computer with a clock frequency of 100 GHz, the number of operations performed by this computer during the year will be 3 · 10 ²⁰ , and the opening time is 10 ¹⁷ years.

The possibility of technical implementation of the claimed method is illustrated as follows.

The formation of the security key is carried out by entering a password from the keyboard or from a magnetic storage medium into a pseudo-random number generator, receiving at the output a security key of the required size.

The formation of a pseudo-random sequence of maximum length containing 2 ^k -1 characters is carried out by using a linear shift register having k bits, the feedback of which is determined by the form of the selected primitive polynomial of degree k. Finding primitive polynomials of degree k is described in [4] on pages 74-75.

The formation of a pseudo-random sequence of characters in the form of binary vectors of length n bits is carried out by taking information from n different bits of the shift register, the numbers of which can be determined by the value of the entered security key K. For example, by determining the generating element

l ₀ ≡ К [mod q), if l ₀ <2, then l ₀ = 2,

and calculating the number of the discharge register shift according to the formula

.l ₁ = l ₀ , l _i ≡ l ₀ l _i-1 (modq),

.

The value of q is selected from primes and for the shift register, which has 256 bits, q = 257, for the shift register, which has 128 bits, q = 127.

,

,... ,

будут различны.In this case, due to raising to the power of the generating number l ₀ we will pass from one element of the field F _q to another. Moreover, as shown in [4] p. 44, if l ₀ is an element of order k, then all elements l ₀ ,

,

, ...,

will be different.

Four more variants of the formation of pseudorandom sequences of characters in the form of binary vectors are used.

1. An additional security key is generated and for each communication session, a random binary vector of length k bits is generated, a binary vector is created for the initial filling of the shift register by modulo adding two bits of a random binary vector with the bits of the main security key, and an additional security key is used for encoding and transmitting to the receiving end of the communication line a random binary vector by adding their bits modulo two.

In this case, if the initial state of the shift register is determined, then to determine the security keys, knowledge of a random binary vector is required, which is randomly selected for each communication session. Since the statistical methods of cryptanalysis in this case are unacceptable, the security keys can be opened only by total enumeration of the entire set of possible keys. At the same time, there is no need to assign security keys for new communication sessions and the code is resistant to attacks on opening security keys based on determining the state of the shift register when encoding information.

2. Change the numbers of the bits of the shift register, from which information is removed for the pseudo-random sequence of characters of the final field, in accordance with the change in the initial filling of the shift register.

3. Change the reading order for the pseudo-random sequence of characters of the final field in accordance with the change in the initial filling of the shift register.

The formation of a pseudo-random sequence of characters of the final field according to claim 2 and 3 increases the resistance of the code to attacks on the basis of known and selected source texts when generating a short protection key.

4. Skip those steps of the shift register for which the characters of the generated binary vectors of pseudo-random sequences coincide in all or several selected bits.

In this case, pseudorandom sequences are formed according to the type of “compression generator” with non-uniform movement of the shift register. This significantly increases the linear complexity of the pseudo-random sequences and significantly complicates the opening of the state of the shift register.

The proposed method can be implemented using devices. represented by the block diagram in figure 1, where: block 1 is the signal source; block 2 - the first driver of the security key; block 3 - the first shift register; block 4 - encoding device; block 5 - transmitter; block 6 - the receiver; block 7 - the second driver of the security key; block 8 - the second shift register; block 9 - decoding device; block 10 is a terminal device, and the block diagram of figure 2, where blocks 11-16 bits 1-6 of the register, the shift, and block 17 is an adder modulo two.

For simplicity, the description of the operation of the device will use small numbers. We assume that the shift register has 6 bits (the security key length is 6 bits), and the input signal block has a length of 4 bits. To determine the structure of the shift register, a primitive polynomial of the sixth degree is chosen; eg

λ ⁶ + λ ⁵ +1.

For the selected primitive polynomial, the block diagram of the feedback shift register is shown in FIG. 2.

Formed in block 2 of Fig. 1 using a random number generator, a security key 6 bits in length

<λ ₆ , λ ₅ , λ ₄ , λ ₃ , λ ₂ , λ ₁ >,

where λ ₁ = 0, λ ₂ = 0, λ ₃ = 0, λ ₄ = 1, λ ₅ = 1, λ ₆ = 1;

enters the shift register and is used to initially fill the bits of the shift register. Binary symbols from the 5th and 6th bits of the shift register arrive at each input of the adder 17 modulo two, and from the output of the adder modulo two ε symbols go to the input of the first bit of the shift register (block 11, figure 2). In this case, the state of the discharges for each cycle during the operation of the shift register is determined by the expression

, λ ₁=ε .λ _i = λ _i-1 for

, λ ₁ = ε.

If the characters will be removed from the sixth digit λ ₆ of the shift register (block 16, figure 2), then the binary pseudorandom sequence of the maximum period will have the form

{1110000010000110001010011110100011

100100101101110110011010101111}.

Note that on the period of this sequence, any nonzero set of six digits 0 and 1 occurs only once.

If binary numbers will be removed from the 1st, 2nd, 3rd and 4th digits of the shift register (blocks 11, 12, 13, 14, Fig. 2) and at each clock cycle of the shift register with the set <λ ₁ , λ ₃ , λ ₃ , λ ₄ > we will compare the binary vector (number) x = λ ₁ + 2λ ₂ + ^{2 2} λ ₃ +2 ³ λ ₄ , then the sequence of binary numbers in the process of register operation can be considered as a sequence of x numbers (characters) {0, 1, 2 , ..., 15} in the form

x = 8, 0, 0, 1, 2, 4, 8, 0, 1, 3, 6, 12, 8, 1, 2, 5, 10, 4, 9, 3, 7, 15, 14, 13, 10, 4, 8, 1, 3, 7, 14, 12, 9, 2, 4, 9, 2, 5, 11, 6, 13, 11, 7, 14, 13, 11, 6, 12, 9, 3, 6, 13, 10, 5, 10, 5, 11, 7, 15, 15, 15, 14, 12, ....

If we take binary numbers simultaneously from 1, 2, 5, 6 bits of the shift register (blocks 11, 12, 15, 16) at each step of its operation with the set <λ ₆ , λ ₅ , λ ₂ , λ ₁ > we will associate the binary vector (number) y = λ ₆ + 2λ ₅ +2 ² λ ₂ + 2 ³ λ ₁ , so the sequence of binary numbers in the process of the shift register can be considered as a sequence of characters y 0, 1, 2, ..., 15 in the form

y = 3, 3, 1, 8, 4, 0, 0, 2, 9, 12, 4, 0, 2, 11, 5, 8, 4, 2, 9, 14, 13, 12, 6, 11, 7, 3, 1, 10, 13, 12, 4, 2, 11, 7, 1, 8, 6, 9, 12, 6, 9, 14, 15, 5, 10, 15, 7, 1, 10, 15, 5, 8, 6, 11, 5, 10, 13, 14, 13, 14, 15, 7, 3, ....

The analysis of the generated sequences x and y shows that on the interval corresponding to the period equal to 63 clock cycles of the shift register; each of the characters {1, 2, ..., 15} occurs exactly four times. The symbol corresponding to zero occurs exactly three times in both sequences, and the x and y sequences cannot be obtained from each other as a result of a cyclic shift. In the sequences x and y there are no hidden periodicities and the statistical uniformity of the symbols used is ensured.

The generated pseudo-random sequences of symbols x and y in the form of binary vectors are sent to the encoder 4, where the input signal block 0111⇒ 7 is encoded by modulating its two bits with the bits of the binary vector of the pseudo-random sequence x = 8⇒ 1000. The resulting binary vector 1111⇒ 15 add modulo P = 2 ⁴ = 16 with the characters of the pseudo-random sequence y = 3⇒ 0011 and transmit the encoded message in the form of a binary vector 0010⇒ 2.

In this case, the decoding of the message is carried out in block 9 in the following order. The received block 0010⇒ 2 is added modulo 16 with the conjugate symbol of the pseudo-random sequence y * = P-y = 16-3 = 13⇒ 1101. From the resulting number 13 + 2 = 15 (mod 16) ⇒ 1111 form the binary vector 1111 and add it two bits modulo with the bits of the binary vector of the pseudo-random sequence x = 8⇒ 1000, as a result, get the binary vector 0111⇒ 7, corresponding to the binary vector of the input signal.

The implementation of the proposed method does not cause difficulties, since all the blocks and nodes included in the device that implements the method are well known and widely described in the technical literature.

Sources of information

1. A method of transmitting discrete information in a radio line with a pseudo-random tuning of the operating frequency and a device for its implementation. Application for invention No. 99123808/09 dated 10.11.1999 - IPC7 N 04 B 1/713.

2. S. Maftik. Protection mechanisms in computer networks. - M., 1993

3. V.I. Nechaev. Elements of cryptography. Fundamentals of information security theory. - M.: Higher school, 1999.

4. B.N. Voronkov, V.I. Tupota. Toolkit for the development of information security tools in computer networks. - Voronezh: Voronezh State University, 2000.

Claims (5)

1. A method of transmitting discrete information in a computer network, including on the transmitting side dividing the input signal into blocks of length n bits, generating a security key in the form of a binary vector of length k bits, supplying it for the initial filling of the feedback shift register with k bits and generating pseudo-random maximal length sequence comprising 2 ^k -1 binary symbols, the formation of pseudo-random sequence of binary vector by simultaneous parallel reading information with variou x bits of the shift register, while the length of the binary vector of the pseudo-random sequence is chosen equal to the length of the binary vector of the input signal block, the coding of the input signal block by modulo addition of two bits of the binary vector of the pseudorandom sequence with the bits of the binary vector of the input signal block and the subsequent transmission of the encoded block of the input signal by communication lines, receiving a signal at the receiving end of a communication line, generating a security key in the form of a binary vector of length k bits, supplying it for n initial filling of the shift register with feedback, having k bits, as well as the formation on the transmitting side of the binary vector of a pseudo-random sequence of length n bits, the decoding of the encoded block of the input signal by modulo addition of its two bits with the bits of the binary vector of the pseudo-random sequence and feeding input signal to the terminal device, characterized in that the second binary vector of the pseudo-random sequence is additionally formed on the transmitting side Using parallel simultaneous reading of information from other n different bits of the shift register, the encoded block of the input signal is transformed by adding modulo P = 2 ^{n the} number corresponding to the binary vector of the encoded block of the input signal with the number corresponding to the second binary vector of the pseudo-random sequence, and at the receiving the second binary vector of the pseudo-random sequence is additionally formed on the side similarly as on the transmitting side, it is converted the binary vector by subtracting from the number P the number corresponding to the second binary vector of the pseudo-random sequence, and the encoded block of the input signal is restored by modulo P addition of the number corresponding to the conjugated binary vector of the pseudo-random sequence with the number corresponding to the binary vector of the encoded block of the input signal. 2. The method according to claim 1, characterized in that an additional security key is generated and a random binary vector of length k bits is generated for each communication session, a binary vector is created for the initial filling of the shift register by modulo addition of two bits of a random binary vector with the bits of the security key , and an additional security key is used to encode and transmit to the receiving end of the communication line a random binary vector. 3. The method according to any one of claims 1 and 2, characterized in that those clock cycles of the shift register are skipped for which the symbols of the generated binary vectors of the pseudorandom sequences coincide in all or several selected bits. 4. The method according to any one of claims 1 to 3, characterized in that, at each communication session, the numbers of the shift register bits are changed, from which information is generated for generating binary vectors of pseudorandom sequences depending on the generated binary vector of the initial shift register filling. 5. The method according to any one of claims 1 to 4, characterized in that, at each communication session, the order of reading information from the selected bits of the shift register is changed to generate binary vectors of pseudorandom sequences depending on the generated binary vector of the initial shift register filling.

Images